Lucene search
K

36722 matches found

NVD
NVD
added 2026/06/24 4:16 p.m.9 views

CVE-2026-50708

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 4:16 p.m.8 views

CVE-2026-50711

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component...

4.6CVSS0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 4:16 p.m.8 views

CVE-2026-50710

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...

4.6CVSS0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 4:16 p.m.9 views

CVE-2026-50701

A Reflected Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component...

5.1CVSS0.00268EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 4:16 p.m.12 views

CVE-2026-50705

A Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer...

4.6CVSS0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 4:16 p.m.9 views

CVE-2026-50712

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component...

4.8CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 4:16 p.m.11 views

CVE-2026-50700

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...

4.6CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 3:26 p.m.12 views

CVE-2026-50712

Frappe Framework 17.0.0-dev has a stored XSS in the frappe.ui.Tree component caused by improper neutralization of user-controlled input in tree node label rendering. The vulnerability affects the Tree view labeling logic and can lead to script content being stored and reflected in the UI. Publicl...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 3:18 p.m.11 views

CVE-2026-50711

CVE-2026-50711 affects Frappe Framework (17.0.0-dev). A Stored XSS exists in the Number Card component due to improper neutralization of user-controlled input. The connected documents confirm the vulnerability but do not specify exploit details, affected versions beyond 17.0.0-dev, or remediation...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 3:16 p.m.9 views

CVE-2026-50699

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in referencedocument using a whitelisted write path and trigger script execution when users open the affected Auto...

4.6CVSS0.00313EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 3:16 p.m.9 views

CVE-2026-50698

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...

4.6CVSS0.00256EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the RSS context deletion logic We need to free the corresponding RSS context VNIC in the framework FW every time an RSS context is deleted in the driver. Commit 667ac333dbb7 added a check to delete the VNIC in the...

7.8CVSS5.7AI score0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:8 p.m.5 views

CVE-2026-50710

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 3:8 p.m.34 views

CVE-2026-50710 Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...

4.6CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 3:8 p.m.9 views

CVE-2026-50710

CVE-2026-50710 affects Frappe Framework 17.0.0-dev with a Stored XSS in the Number Card filters_config due to unsafe evaluation of user-controlled data. The root cause is evaluating user-provided data in the Number Card component, enabling script injection. Public references are to Fluid Attacks ...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 3:4 p.m.10 views

CVE-2026-50709

CVE-2026-50709 : In Frappe Framework 17.0.0-dev, a stored XSS vulnerability exists in the Notifications → Events panel due to improper neutralization of user-controlled input. The issue affects the rendering of color in Events and is described with a CVSS v4.0 base score of 4.8 (MEDIUM). The conn...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:4 p.m.32 views

CVE-2026-50709 Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...

4.8CVSS0.00239EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 2:58 p.m.11 views

CVE-2026-50708

CVE-2026-50708 affects Frappe Framework 17.0.0-dev, with a Stored XSS in the MultiSelectDialog component caused by improper neutralization of user-controlled input. The CVSS v4.0 base score is 4.8 (Medium), with network attack vector, low privileges required, and user interaction required. The im...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 2:58 p.m.30 views

CVE-2026-50708 Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8CVSS0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 2:51 p.m.29 views

CVE-2026-50705 Frappe Framework 17.0.0-dev - Stored XSS in Form Dashboard headline rendering

A Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer...

4.6CVSS0.00256EPSS
Exploits0References2
Rows per page
Query Builder